Number: AV18-100
Date: 14 June 2018
Purpose
The purpose of this advisory is to bring attention to an Intel security advisory regarding the Lazy FP state restore vulnerability affecting Intel Core-based microprocessors.
Assessment
System software may opt to utilize Lazy FP which is potentially vulnerable to exploits
where one process may infer register values of other processes through a speculative
execution side channel that infers their value. Unauthenticated actors could take advantage of this vulnerability and acquire sensitive encryption keys.
Affected Products:
- Intel® Core-based microprocessors
CVE Reference: CVE-2018-3665
Suggested Action
CCIRC recommends that owner/operators test and deploy the vendor released updates to the affected platforms in accordance with their risk mitigation framework.
References:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html